Security researchers have discovered a campaign that installs XMRig Coinminer on Windows web servers running on Apache using the Cobalt Strike tool. The threat actors tend to target old versions of the Apache web server with PHP installed. They also attempted to install Gh0st RAT as a backup plan. A Coinminer is installed once control over the systems is established. You’re advised to check for upload vulnerabilities and implement access control measures and a password change policy to mitigate such threats.
Group-IB’s Threat Intelligence and Defence Centre Equip Undergraduates with Sophisticated Cybersecurity Technologies to Boost Threat Analysis and Enhance Cyber Resilience for Campus Start-ups
Hey there from the heart of the San Francisco Bay Area! It’s an absolute pleasure to have you back again for our chat on some
